I'm trying to use ADFS authentication, but I have some doubts about where the configuration should be made.
On my company's side there is an ADFS configured with an Active Directory. I'm able to use OAuth and authenticate users from that AD: I get an access token and an id_token.
I also have the need to authenticate users from another company, which also has an ADFS. So, I believe there is a federation between both. On my ADFS side we have created a Claims Provider Trust for that ADFS. I'm able to get an access token using OAuth. However, I'm not able to get an id_token. I also can't get some user information (claims) inside the access token.
I tried everything I could on my ADFS side; more concretely, I applied a pass-through to all claims in both the Claims Provider Trust and the Application Group. However, I was only able to see additional claims not related to user information.
So my first question is: because the user is authenticated in the external ADFS, isn't it the responsibility of that ADFS to include the needed claims? If yes, then that explains why my changes on my own ADFS only result in the addition of standard claims.
Does this also mean that the AnchorClaimType should be added in the external ADFS and not in my own? (See: ADFS + OpenID Connect email claim and external ADFS.) Because I tried everything and I still get the same error. It only works with my own Active Directory.
Thank you!